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DETAILED ACTION 

1. This action is in response to the communication filed on May 05, 2004. Claims 1 
- 23 were received for consideration. No preliminary amendments to the specification 
were filed. Claims 1 - 23 are currently being considered. 

2. An initialed and dated copy of Applicant's IDS form 1449 is attached to the Office 
action. 

Specification 

3. The title of the invention is not descriptive. A new title is required that is clearly 
indicative of the invention to which the claims are directed. 

The following title is suggested: Method for securely supporting password 
change. 

4. The disclosure is objected to because of the following informalities: Too many 
typographical mistakes and spacing problems. For example on Page 1, paragraph 
[0003], replace "company' ss" with "company's" and paragraph [0004], replace 
"password 's" with "password". 

Appropriate and careful corrections throughout specification are required. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 1 -7, 11, 18 -20 are rejected under 35 U.S.C. 102(b) as being clearly 
anticipated by Bellemore et al. (U.S. Patent Number 5,944,825, hereinafter "Bell"). 

Regarding Claim 1 , Bell teaches and describes a method of securely supporting 
password change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), 
comprising the steps of: 

detecting an occurrence of a password change operation in execution on a 
system (Bell Column 4 lines 5 - 37); 

detecting the new password when provided (Bell Column 4 lines 33 - 40); and, 

storing data indicative of the new password in a database other than the 
password database associated with the password change operation for later retrieval, 
the data indicative of the new password for use in providing the new password provision 
to the system automatically (Bell Column 4 lines 33 - 42 and Column 6 line 66 - 
Column 7 line 16). 
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Regarding Claim 5, Bell teaches and describes a method of securely supporting 
password change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), 
comprising the steps of: 

detecting a change password operation in execution on a system (Bell Column 4 
lines 5-37); 

displaying to a user a prompt for a new password, the prompt independent of the 
password change operation (Bell Column 3 lines 29 - 52 and Column 4 lines 33 - 40); 

receiving the new password (Bell Column 4 lines 33-40); 

performing an operation to change the password to the new password in the 
system (Bell Column 4 lines 33 - 40 and Column 6 lines 1 - 22); and, 

storing the new password in a database independent of the change password 
operation and of the database where the changed password is stored by the change 
password operation (Bell Column 6 lines 1 1 - 36). 

Regarding Claim 7, Bell teaches and describes a method of securely supporting 
password change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), 
comprising the steps of: 

detecting a password change operation in execution on a system (Column 4 lines 
5-37); 

displaying to a user a prompt for authentication information, the prompt 
independent of the password change operation (Bell Column 3 lines 29 - 52 and 
Column 4 lines 33 -40); 
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receiving the authentication information (Bell Column 4 lines 20 - 33 and Column 
5 lines 47-53); 

when the authentication information is indicative of a known user, performing an 
operation to change the password of the known user to a new password in the system 
(Bell Column 4 lines 33 - 42; Column 5 lines 54- 59 and Column 6 line 66 - Column 7 
line 13); and, 

storing the new password in a database independent of the change password 
operation and of the database where the changed password is stored (Bell Column 6 
lines 1 1 - 36 and Column 7 lines 4 - 19). 

Regarding Claim 20, Bell teaches and describes a method of securely supporting 
password change (Bell Fig. 1-5; Summary and Column 3 line 29 - Column 7 line 19), 
comprising the steps of: 

detecting a password change operation in execution on a system having a known 
user authorized thereon (Bell Column 4 lines 5 - 37); 

automatically generated a new password (Bell Column 1 lines 1 1 - 34 and 
Column 7 lines 4 - 19); 

performing an operation to change the password to a new password in the 
system (Bell Column 4 lines 33 - 42; Column 5 lines 54- 59 and Column 6 line 66 - 
Column 7 line 13); and, 
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storing the new password in a database independent of the change password 
operation and of the database where the changed password is stored (Bell Column 6 
lines 1 1 - 36 and Column 7 lines 4-19). 

Claim 2 is rejected applied as above in rejecting Claim 1. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the step of detecting an 
occurrence of a change of password operating in execution on a system comprises the 
step of detecting a new password prompt (Bell Column 4 lines 33 - 37) 

Claim 3 is rejected applied as above in rejecting Claim 1. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), comprising the steps of: 

prompting a user to provide authorization data (Bell Column 2 lines 34-41 and 
Column 4 lines 33 - 37); and 

associating the authorization data with the password (Bell Column 2 lines 34 - 
59; Column 4 lines 20 - 42 and Column 7 lines 4 -1 9). 

Claim 4 is rejected applied as above in rejecting Claim 1. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the step of detecting 
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the new password comprises the step of detecting the new password at least two 
separate times (Bell Column 3 line 56 - Column 4 line 42). 

Claim 6 is rejected applied as above in rejecting Claim 5. Furthermore, Bell - 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the step of detecting 
the change password operation in execution on a system comprises the step of 
detecting password change command operations (Bell Column 4 line 33 - 37). 

Claim 1 1 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the step of performing 
an operation to change the password comprises the step of providing the new password 
to the system (Bell Column 7 lines 5-19). 

Claim 18 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), comprising the step of 
performing another operation to change another password of known user to the new 
password (Bell Column 7 lines 5-19). 
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Claim 19 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), comprising the step of: 

determining all passwords identical to the password being changed and 
automatically performing at least another operation to change each identical password 
of the known user to the new password (Bell Column 8 line 46 - Column 9 line 9). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 8- 10 and 12 - 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bellemore et al. (U.S. Patent Number 5,944,825, hereinafter "Bell") in 
view of Novoa et al. (U.S. Patent Number 6,636,973, hereinafter "Novoa"). 

Claim 8 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), prompt for authentication 



Application/Control Number: 09/977,202 Page 9 

Art Unit: 2136 

information (Bell Column 4 lines 5 - 37). Bell does not teach that the prompt for 
authentication information a prompt for biometric information. However, Novoa 
discloses a biometrics-based password change method for securely changing password 
includes prompting for authentication information wherein authentication information a 
prompt for biometric information (Column 4 lines 40 - 63 and Column 5 lines 3 - 43). 
Therefore it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to modify Novoa's biometric-based password change method 
into the securely password changing method of Belle's. 

Bell could have been modified by Novoa to arrive at the claimed invention by 
having the database, security process that are adapted for monitoring and detecting the 
password change request to request for the authentication information (Bell Column 4 
lines 5 - 37) to be biometric information as taught by Novoa (Novoa Column 2 lines 27 
- 41 and Column 6 lines 3 - 26). One of ordinary skill in the art would have been 
motivated to modify Bell by Novoa as discussed above because in a password based 
system, an unauthorized person who is able to obtain a valid password can still access 
the system while in a biometric-based system, the user needs both password and 
biometric information to access the system, thus using biometric authentication 
information would increase and improve network and system security as taught by 
Novoa. 
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Claim 9 is rejected applied as above in rejecting Claim 8. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), comprising the steps of: 

providing biometric information (Novoa Column 4 lines 59 - 61 and Column 6 
lines 27 -41); 

processing the provided biometric information to provide the biometric data 
(Novoa Column 6 lines 67 - Column 7 line 65); 

comparing the biometric data with a stored template (Novoa Column 7 lines 36 - 
65); and 

in dependence upon a comparison result retrieving a user password from a 
database (Novoa Column 7 line 36 - Column 8 line 10). 



Claim 10 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the prompt for 
authentication information prompt for information stored on a smart card (Novoa 
Column 7 lines 29-35). 



Claim 12 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the step of performing 
an operation to change the password comprises the step of prompting the user to select 
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between provision of the new password and automatic generation of the new password 
(Novoa Column 7 lines 1-10 and lines 39 - 54). 

Claim 14 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the step of performing 
an operation to change the password comprises the step of automatically generation of 
the new password (Novoa Column 7 lines 1-10 and lines 39 - 54). 

Claims 15 and 21 are rejected applied as above in rejecting Claims 13 and 20. 
Furthermore, Bell teaches and describes a method of securely supporting password 
change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), wherein 
the automatically generated new password is unknown to the user (Novoa Column 7 
lines 1 - 10 and lines 39 - 54). 

Claim 13 is rejected applied as above in rejecting Claim 12. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the step of performing 
an operation to change the password comprises the step of automatically generation of 
the new password (Novoa Column 7 lines 1 - 10 and lines 39 - 54). 
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7. Claims 16, 17, 22 and 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bellemore et al. (U.S. Patent Number 5,944,825, hereinafter "Bell") in 
view of Novoa et al. (U.S. Patent Number 6,636,973, hereinafter "Novoa") further in 
view of Schneier (Bruce Schneier "Applied Cryptography, Second edition; hereinafter 
"Schneier"). 

Claims 16 and 22 are rejected applied as above in rejecting Claims 15 and 21. 
Furthermore, Bell teaches and describes a method of securely supporting password 
change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), wherein 
the automatically generated new password is an encryption key (Bell Column 7 lines 5 - 
1 9 and Novoa Column 7 lines 1-10 and lines 39 - 54 and Column 8 lines 11 - 1 8). 
Bell discloses securely changing password and Novoa discloses automatically 
generating new password. Even when taken together, Bell and Novoa do not disclose 
that the newly generated password is an encryption key. However, Schneier teaches 
that the passwords that are generated using randomly as taught by Novoa can be used 
as encryption keys (Schneier Pages 173 and 174). Therefore it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
modify Novoa's biometric-based password change method into the securely password 
changing method of Belle's and to use the automatically generated password as an 
encryption key. 

Bell could have been modified by Novoa to arrive at the claimed invention by 
having the database, security process that are adapted for monitoring and detecting the 
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password change request to request for the authentication information (Bell Column 4 
lines 5 - 37) to be biometric information as taught by Novoa (Novoa Column 2 lines 27 
- 41 and Column 6 lines 3 - 26) wherein the password is an encryption as taught by 
Schneier. One of ordinary skill in the art would have been motivated to modify Bell by 
Novoa and Schneier as discussed above because in a password based system, an 
unauthorized person who is able to obtain a valid password can still access the system 
while in a biometric-based system, the user needs both password and biometric 
information to access the system, thus using biometric authentication information would 
increase and improve network and system security as taught by Novoa wherein the 
password is an encryption key, as taught by Schneier. 

Claims 17 and 23 are rejected applied as above in rejecting Claims 16 and 22. 
Furthermore, Bell teaches and describes a method of securely supporting password 
change (Bell Fig. 1 - 5, Summary and Column 3 line 29 - Column 7 line 19) Bell 
discloses securely changing password and Novoa discloses automatically generating 
new password (Bell Column 7 lines 5-19 and Novoa Column 7 lines 1-10 and lines 
39 - 54 and Column 8 lines 11 - 18). Even when taken together, Bell and Novoa do not 
disclose that the new password is encrypted using the encryption key. However, 
Schneier teaches that the new password is encrypted using the encryption key 
(Schneier Page 173 and 174). Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to modify Novoa's biometric- 
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based password change method into the securely password changing method of Belle's 
and to encrypt the password using an encryption key to provide secure password. 

Bell could have been modified by Novoa to arrive at the claimed invention by 
having the database, security process that are adapted for monitoring and detecting the 
password change request to request for the authentication information (Bell Column 4 
lines 5 - 37) to be biometric information as taught by Novoa (Novoa Column 2 lines 27 
- 41 and Column 6 lines 3 - 26) wherein the password is encrypted using the 
encryption key as taught by Schneier. One of ordinary skill in the art would have been 
motivated to modify Bell by Novoa and Schneier as discussed above because in a 
password based system, an unauthorized person who is able to obtain a valid password 
can still access the system while in a biometric-based system, the user needs both 
password and biometric information to access the system, thus using biometric 
authentication information would increase and improve network and system security as 
taught by Novoa wherein the password is encrypted using the encryption key which is 
difficult to decrypt without the key, as taught by Schneier. 
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Conclusion 



8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO Form 892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272-3866. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-232-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 




Pramila Parthasarathy 
January 21, 2005. 



